[kwlug-disc] Re-re-re-re hashing the idea of running your own email server.

Bob Jonkman bjonkman at sobac.com
Thu Dec 15 13:48:23 EST 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think Cedric is referring to Postini, and other "SpamAssasin As A
Service" providers ;-)

- --Bob, who realizes that should be SaaaS

On 2016-12-15 10:27 AM, Chamunks wrote:
> Any example of a SaaS filter because I thought that SaaS meant
> something else.
> 
> On Thu, Dec 15, 2016, 10:05 AM Cedric Puddy <cedric at ccj.host>
> wrote:
> 
>> tl;dr: I recommend using a outside SaaS inbound/outbound email
>> filter to keep the jerks from causing you hassle -- I think that
>> cuts out 90% of the hassle of running your own server.
>> 
>> ------------ Setting up a straight-forward SMTP/POP/IMAP mail
>> server is pretty straightforward, most have decent implementation
>> how-tos written; though I might be remembering my own learning
>> process through rose-tinted glasses -- perhaps it was harder to
>> learn to than I remember.
>> 
>> I used to use Sendmail extensively, and now I use EXIM (under
>> cPanel, which, granted, automates several of the key points of
>> setting up a mail server, but costs enough that it's not
>> practical for revenue-free projects), but the tuning,
>> understanding delivery rules, being able to understand the and
>> correct the behaviour of the system remains.
>> 
>> We've got tonnes of accounts in there, multiple servers, etc...
>> but the biggest simplifying factor that keeps the wily internet
>> jerks at bay is choosing to use an outsourced SaaS email filter
>> on both inbound and outbound email; if your goal is guaranteed
>> privacy*, or absolute minimal cost, then this might not be an
>> option; for people running like me trying to run a service, and
>> don't want to be fighting with RBL blacklist operators, wondering
>> what to do when someone tries to DDOS your SMTP port, etc, then
>> it's very viable indeed, especially if you have a small number
>> of users.
>> 
>> The key point is that when outbound mail goes out, it goes out
>> via the filtering providers outbound relay nodes (and if they
>> want to keep getting paid, they've got to make sure those nodes
>> stay off blacklists, etc), and when mail comes in, the only thing
>> they can talk to is the relay provider (who has security and
>> network people to deal with all the inbound crazy, DDOS crap,
>> etc).
>> 
>> Something to consider anyway; I expect to be always running mail
>> servers for myself and clients, and I have no plans to ever do so
>> without a managed filter in front of those machines.
>> 
>> -Cedric
>> 
>> *(if you believe that email can be secured, without encrypting
>> content, and even then that the meta-data is nothing to worry
>> about, and the fact the servers you communicate with can be huge
>> info leaks you can control or monitor ... all I'm saying is that
>> the SaaS filter has to be considered in context.  If you already
>> encrypt 100% of your email body text, use smtp mixers via Tor
>> from a VPN exit node in Sweden, and etc, etc to accomplish 
>> perfect info-sec, then yeah, you probably don't want or need a
>> SaaS filter)
>> 
>> On 15 December 2016 at 00:06, Chamunks <chamunks at gmail.com>
>> wrote:
>> 
>> I figured since I accidentally threadjacked that last
>> conversation about NextCloud that I would start a new one.
>> 
>> B.S. <bs27975.2 at gmail.com>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> *Running one's own e-mail server is always a popular topic.Any
>> amount of poking into the idea quickly reveals an unexpected
>> amountof complexity and gotchas, which can be daunting - perhaps
>> not so muche-mail / the server itself, but the necessary
>> ecosystem that surroundsit in today's world. Let alone if you
>> expand the topic to'communications' (instant messaging, 'skype',
>> IRC, and the like). Iexpect many skitter away from the idea
>> rather quickly.Yet many do it, presumably happily and
>> successfully.[Mind you, I thought the same thing about voip /
>> voip.ms <http://voip.ms/>, buteventually, especially after posts
>> from John, Oksana, and Raul, haven'tlooked back since.]Any
>> favourite 'how to' links out there?(Such seem to be a moving
>> target, it can be hard to discern what's'current'.)*
>> 
>> https://mailinabox.email/ if you trust the concept of curl'ing
>> directly to bash.  I've been tempted to try and get all of the
>> dependencies pulled into one gigantic docker image and see if I
>> can't get it running there. Just seems kinda crazy complex it
>> includes everything like even a damn DNS provider so that it can
>> just update its own DNS records which will open you up to DDOS
>> problems.
>> 
>> There are a few dockerized megalithic containers now that exist
>> that can theoretically ship all of the stuff you need too but I
>> think that MailInABox recommended via https://privacytools.io
>> sounds like just about the most promising.
>> 
>> I personally would prefer using something more like Rain Loop 
>> <https://www.rainloop.net/> which might actually help me
>> encourage myself to use PGP.  I don't trust options that offer to
>> host my PGP keys on someone else's proprietary service but I also
>> need to have sync.  Also, my biggest problem is Protonmail may
>> boast a great concept but I don't need yet another damn app on my
>> phone that's going to burn my battery.  It also needs to be
>> something that I'll actually check too so I realize modern 
>> convenience has made this somewhat of a tall order but I don't
>> want my stuff in the cloud anymore.
>> 
>> _______________________________________________ kwlug-disc
>> mailing list kwlug-disc at kwlug.org 
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> 
>> 
>> 
>> 
>> --
>> 
>> |  CCj/ClearLine - Hosting and TCP/IP Network Services since
>> 1997
>> 
>> |  118 Louisa Street, Kitchener, Ontario, N2H 5M3,
>> 519-489-0478x102
>> 
>> \________________________________________________________
>> 
>> Cedric Puddy, IS Director            cedric at ccj.host 
>> _______________________________________________ kwlug-disc
>> mailing list kwlug-disc at kwlug.org 
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> 
> 
> 
> 
> _______________________________________________ kwlug-disc mailing
> list kwlug-disc at kwlug.org 
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> 

- -- 


- --
Bob Jonkman <bjonkman at sobac.com>          Phone: +1-519-635-9413
SOBAC Microcomputer Services             http://sobac.com/sobac/
Software   ---   Office & Business Automation   ---   Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlhS5WsACgkQuRKJsNLM5eq9EQCfUXGIvy/be44cILyLpqKakRld
YR8AnjpLPQBv4WZ8o4MYzDAbLr4MTHNc
=neUB
-----END PGP SIGNATURE-----

More information about the kwlug-disc mailing list